diff options
| author | Julian Anastasov <ja@ssi.bg> | 2011-03-19 08:13:49 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-03-22 04:06:32 -0400 |
| commit | e6abbaa2725a43cf5d26c4c2a5dc6c0f6029ea19 (patch) | |
| tree | 65d9d9deb7259322e83fc750b98f4ad9f7a51f56 /net | |
| parent | 74cb3c108bc0f599a4eb40980db8580cfba725c9 (diff) | |
ipv4: fix route deletion for IPs on many subnets
Alex Sidorenko reported for problems with local
routes left after IP addresses are deleted. It happens
when same IPs are used in more than one subnet for the
device.
Fix fib_del_ifaddr to restrict the checks for duplicate
local and broadcast addresses only to the IFAs that use
our primary IFA or another primary IFA with same address.
And we expect the prefsrc to be matched when the routes
are deleted because it is possible they to differ only by
prefsrc. This patch prevents local and broadcast routes
to be leaked until their primary IP is deleted finally
from the box.
As the secondary address promotion needs to delete
the routes for all secondaries that used the old primary IFA,
add option to ignore these secondaries from the checks and
to assume they are already deleted, so that we can safely
delete the route while these IFAs are still on the device list.
Reported-by: Alex Sidorenko <alexandre.sidorenko@hp.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/fib_frontend.c | 101 |
1 files changed, 88 insertions, 13 deletions
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index a373a259253c..02c3ba61884a 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c | |||
| @@ -722,12 +722,17 @@ void fib_add_ifaddr(struct in_ifaddr *ifa) | |||
| 722 | } | 722 | } |
| 723 | } | 723 | } |
| 724 | 724 | ||
| 725 | static void fib_del_ifaddr(struct in_ifaddr *ifa) | 725 | /* Delete primary or secondary address. |
| 726 | * Optionally, on secondary address promotion consider the addresses | ||
| 727 | * from subnet iprim as deleted, even if they are in device list. | ||
| 728 | * In this case the secondary ifa can be in device list. | ||
| 729 | */ | ||
| 730 | void fib_del_ifaddr(struct in_ifaddr *ifa, struct in_ifaddr *iprim) | ||
| 726 | { | 731 | { |
| 727 | struct in_device *in_dev = ifa->ifa_dev; | 732 | struct in_device *in_dev = ifa->ifa_dev; |
| 728 | struct net_device *dev = in_dev->dev; | 733 | struct net_device *dev = in_dev->dev; |
| 729 | struct in_ifaddr *ifa1; | 734 | struct in_ifaddr *ifa1; |
| 730 | struct in_ifaddr *prim = ifa; | 735 | struct in_ifaddr *prim = ifa, *prim1 = NULL; |
| 731 | __be32 brd = ifa->ifa_address | ~ifa->ifa_mask; | 736 | __be32 brd = ifa->ifa_address | ~ifa->ifa_mask; |
| 732 | __be32 any = ifa->ifa_address & ifa->ifa_mask; | 737 | __be32 any = ifa->ifa_address & ifa->ifa_mask; |
| 733 | #define LOCAL_OK 1 | 738 | #define LOCAL_OK 1 |
| @@ -735,17 +740,26 @@ static void fib_del_ifaddr(struct in_ifaddr *ifa) | |||
| 735 | #define BRD0_OK 4 | 740 | #define BRD0_OK 4 |
| 736 | #define BRD1_OK 8 | 741 | #define BRD1_OK 8 |
| 737 | unsigned ok = 0; | 742 | unsigned ok = 0; |
| 743 | int subnet = 0; /* Primary network */ | ||
| 744 | int gone = 1; /* Address is missing */ | ||
| 745 | int same_prefsrc = 0; /* Another primary with same IP */ | ||
| 738 | 746 | ||
| 739 | if (!(ifa->ifa_flags & IFA_F_SECONDARY)) | 747 | if (ifa->ifa_flags & IFA_F_SECONDARY) { |
| 740 | fib_magic(RTM_DELROUTE, | ||
| 741 | dev->flags & IFF_LOOPBACK ? RTN_LOCAL : RTN_UNICAST, | ||
| 742 | any, ifa->ifa_prefixlen, prim); | ||
| 743 | else { | ||
| 744 | prim = inet_ifa_byprefix(in_dev, any, ifa->ifa_mask); | 748 | prim = inet_ifa_byprefix(in_dev, any, ifa->ifa_mask); |
| 745 | if (prim == NULL) { | 749 | if (prim == NULL) { |
| 746 | printk(KERN_WARNING "fib_del_ifaddr: bug: prim == NULL\n"); | 750 | printk(KERN_WARNING "fib_del_ifaddr: bug: prim == NULL\n"); |
| 747 | return; | 751 | return; |
| 748 | } | 752 | } |
| 753 | if (iprim && iprim != prim) { | ||
| 754 | printk(KERN_WARNING "fib_del_ifaddr: bug: iprim != prim\n"); | ||
| 755 | return; | ||
| 756 | } | ||
| 757 | } else if (!ipv4_is_zeronet(any) && | ||
| 758 | (any != ifa->ifa_local || ifa->ifa_prefixlen < 32)) { | ||
| 759 | fib_magic(RTM_DELROUTE, | ||
| 760 | dev->flags & IFF_LOOPBACK ? RTN_LOCAL : RTN_UNICAST, | ||
| 761 | any, ifa->ifa_prefixlen, prim); | ||
| 762 | subnet = 1; | ||
| 749 | } | 763 | } |
| 750 | 764 | ||
| 751 | /* Deletion is more complicated than add. | 765 | /* Deletion is more complicated than add. |
| @@ -755,6 +769,49 @@ static void fib_del_ifaddr(struct in_ifaddr *ifa) | |||
| 755 | */ | 769 | */ |
| 756 | 770 | ||
| 757 | for (ifa1 = in_dev->ifa_list; ifa1; ifa1 = ifa1->ifa_next) { | 771 | for (ifa1 = in_dev->ifa_list; ifa1; ifa1 = ifa1->ifa_next) { |
| 772 | if (ifa1 == ifa) { | ||
| 773 | /* promotion, keep the IP */ | ||
| 774 | gone = 0; | ||
| 775 | continue; | ||
| 776 | } | ||
| 777 | /* Ignore IFAs from our subnet */ | ||
| 778 | if (iprim && ifa1->ifa_mask == iprim->ifa_mask && | ||
| 779 | inet_ifa_match(ifa1->ifa_address, iprim)) | ||
| 780 | continue; | ||
| 781 | |||
| 782 | /* Ignore ifa1 if it uses different primary IP (prefsrc) */ | ||
| 783 | if (ifa1->ifa_flags & IFA_F_SECONDARY) { | ||
| 784 | /* Another address from our subnet? */ | ||
| 785 | if (ifa1->ifa_mask == prim->ifa_mask && | ||
| 786 | inet_ifa_match(ifa1->ifa_address, prim)) | ||
| 787 | prim1 = prim; | ||
| 788 | else { | ||
| 789 | /* We reached the secondaries, so | ||
| 790 | * same_prefsrc should be determined. | ||
| 791 | */ | ||
| 792 | if (!same_prefsrc) | ||
| 793 | continue; | ||
| 794 | /* Search new prim1 if ifa1 is not | ||
| 795 | * using the current prim1 | ||
| 796 | */ | ||
| 797 | if (!prim1 || | ||
| 798 | ifa1->ifa_mask != prim1->ifa_mask || | ||
| 799 | !inet_ifa_match(ifa1->ifa_address, prim1)) | ||
| 800 | prim1 = inet_ifa_byprefix(in_dev, | ||
| 801 | ifa1->ifa_address, | ||
| 802 | ifa1->ifa_mask); | ||
| 803 | if (!prim1) | ||
| 804 | continue; | ||
| 805 | if (prim1->ifa_local != prim->ifa_local) | ||
| 806 | continue; | ||
| 807 | } | ||
| 808 | } else { | ||
| 809 | if (prim->ifa_local != ifa1->ifa_local) | ||
| 810 | continue; | ||
| 811 | prim1 = ifa1; | ||
| 812 | if (prim != prim1) | ||
| 813 | same_prefsrc = 1; | ||
| 814 | } | ||
| 758 | if (ifa->ifa_local == ifa1->ifa_local) | 815 | if (ifa->ifa_local == ifa1->ifa_local) |
| 759 | ok |= LOCAL_OK; | 816 | ok |= LOCAL_OK; |
| 760 | if (ifa->ifa_broadcast == ifa1->ifa_broadcast) | 817 | if (ifa->ifa_broadcast == ifa1->ifa_broadcast) |
| @@ -763,19 +820,37 @@ static void fib_del_ifaddr(struct in_ifaddr *ifa) | |||
| 763 | ok |= BRD1_OK; | 820 | ok |= BRD1_OK; |
| 764 | if (any == ifa1->ifa_broadcast) | 821 | if (any == ifa1->ifa_broadcast) |
| 765 | ok |= BRD0_OK; | 822 | ok |= BRD0_OK; |
| 823 | /* primary has network specific broadcasts */ | ||
| 824 | if (prim1 == ifa1 && ifa1->ifa_prefixlen < 31) { | ||
| 825 | __be32 brd1 = ifa1->ifa_address | ~ifa1->ifa_mask; | ||
| 826 | __be32 any1 = ifa1->ifa_address & ifa1->ifa_mask; | ||
| 827 | |||
| 828 | if (!ipv4_is_zeronet(any1)) { | ||
| 829 | if (ifa->ifa_broadcast == brd1 || | ||
| 830 | ifa->ifa_broadcast == any1) | ||
| 831 | ok |= BRD_OK; | ||
| 832 | if (brd == brd1 || brd == any1) | ||
| 833 | ok |= BRD1_OK; | ||
| 834 | if (any == brd1 || any == any1) | ||
| 835 | ok |= BRD0_OK; | ||
| 836 | } | ||
| 837 | } | ||
| 766 | } | 838 | } |
| 767 | 839 | ||
| 768 | if (!(ok & BRD_OK)) | 840 | if (!(ok & BRD_OK)) |
| 769 | fib_magic(RTM_DELROUTE, RTN_BROADCAST, ifa->ifa_broadcast, 32, prim); | 841 | fib_magic(RTM_DELROUTE, RTN_BROADCAST, ifa->ifa_broadcast, 32, prim); |
| 770 | if (!(ok & BRD1_OK)) | 842 | if (subnet && ifa->ifa_prefixlen < 31) { |
| 771 | fib_magic(RTM_DELROUTE, RTN_BROADCAST, brd, 32, prim); | 843 | if (!(ok & BRD1_OK)) |
| 772 | if (!(ok & BRD0_OK)) | 844 | fib_magic(RTM_DELROUTE, RTN_BROADCAST, brd, 32, prim); |
| 773 | fib_magic(RTM_DELROUTE, RTN_BROADCAST, any, 32, prim); | 845 | if (!(ok & BRD0_OK)) |
| 846 | fib_magic(RTM_DELROUTE, RTN_BROADCAST, any, 32, prim); | ||
| 847 | } | ||
| 774 | if (!(ok & LOCAL_OK)) { | 848 | if (!(ok & LOCAL_OK)) { |
| 775 | fib_magic(RTM_DELROUTE, RTN_LOCAL, ifa->ifa_local, 32, prim); | 849 | fib_magic(RTM_DELROUTE, RTN_LOCAL, ifa->ifa_local, 32, prim); |
| 776 | 850 | ||
| 777 | /* Check, that this local address finally disappeared. */ | 851 | /* Check, that this local address finally disappeared. */ |
| 778 | if (inet_addr_type(dev_net(dev), ifa->ifa_local) != RTN_LOCAL) { | 852 | if (gone && |
| 853 | inet_addr_type(dev_net(dev), ifa->ifa_local) != RTN_LOCAL) { | ||
| 779 | /* And the last, but not the least thing. | 854 | /* And the last, but not the least thing. |
| 780 | * We must flush stray FIB entries. | 855 | * We must flush stray FIB entries. |
| 781 | * | 856 | * |
| @@ -896,7 +971,7 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, | |||
| 896 | rt_cache_flush(dev_net(dev), -1); | 971 | rt_cache_flush(dev_net(dev), -1); |
| 897 | break; | 972 | break; |
| 898 | case NETDEV_DOWN: | 973 | case NETDEV_DOWN: |
| 899 | fib_del_ifaddr(ifa); | 974 | fib_del_ifaddr(ifa, NULL); |
| 900 | fib_update_nh_saddrs(dev); | 975 | fib_update_nh_saddrs(dev); |
| 901 | if (ifa->ifa_dev->ifa_list == NULL) { | 976 | if (ifa->ifa_dev->ifa_list == NULL) { |
| 902 | /* Last address was deleted from this interface. | 977 | /* Last address was deleted from this interface. |